Android ‘Master Key’ Security Flaw Discovered

A “master key” that could give cyber-thieves unfettered access to almost any Android phone has been discovered by security research firm BlueBox. The bug could be exploited to let an attacker do what they want to a phone, including stealing data, eavesdropping or using it to send junk messages.

‘Loophole’

The loophole has been present in every version of the Android operating system released since 2009. Google said it currently had no comment to make on BlueBox’s discovery. Writing on the BlueBox blog, Jeff Forristal said the implications of the discovery were “huge”.


‘Malicious changes’

The bug emerges because of the way Android handles cryptographic verification of the programs installed on the phone. Android uses the cryptographic signature as a way to check that an app or program is legitimate and to ensure it has not been tampered with. Mr Forristal and his colleagues have found a method of tricking the way Android checks these signatures so malicious changes to apps go unnoticed.

Any app or program written to exploit the bug would enjoy the same access to a phone that the legitimate version of that application enjoyed. The danger from the loophole remains theoretical because, as yet, there is no evidence that it is being exploited by cyber-thieves.

Do you think the discovery of this “master key” to Android is significant? Can Google find a way to remedy this loophole?

Source: BBC News


Free Mobile Apps Consume Battery Life Faster

Free mobile apps which use third-party services to display advertising consume considerably more battery life, a new study suggests.

Researchers used a special tool to monitor energy use by several apps on Android and Windows Mobile handsets. Findings suggested that in one case 75% of an app’s energy consumption was spent on powering advertisements. Author Abhinav Pathak said app makers must take energy optimisation more seriously.

Free applications typically have built-in advertisements so developers can make money without having to charge for the initial app download. Mr Pathak told the BBC that developers should perhaps think twice when utilising third-party advertising and analytics services in their app.


The research, produced by a team at Purdue University in Indiana, USA, looked at popular apps such as Angry Birds and Facebook. Due to restrictions built into Apple’s mobile operating system, the team was unable to run tests on the iPhone. In the case of Angry Birds, research suggested that only 20% of the total energy consumption was used to actually play the game itself. Of the rest, 45% is used to find your location, which the app uses to serve targeted advertising.

The tests were carried out by running the app over a 3G connection. The results noted that many apps leave connections open for up to 10 seconds after downloading information. In Angry Birds, that brief period – described by researchers as a “3G tail” – accounted for over a quarter of the app’s total energy consumption.

Source: BBC News
